sounds: this is a micro kernel and hence a
security chokepoint. The other stuff running on top does not need the
same level of assurance.
kr,
Yo
--
Johan Peeters
http://johanpeeters.com
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
> Secure Coding mailing list (SC-L) SC-L@securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
on a first-come, first-served basis.
A 25% Early Bird discount is available until January 15th. Public
servants receive a 50% discount.
Best Wishes for 2010,
Yo
--
Johan Peeters
Program Director
http://secappdev.org
___
tment. Registration is on a first-come, first-served basis.
A 25% Early Bird discount is available until December 31. Public
servants receive a 50% discount.
Kind regards,
Yo
--
Johan Peeters
Program Director
http://secappdev.org
___
,
but do not hesitate to contact me if you have further questions.
I hope to see you soon.
Yo
--
Johan Peeters
Program Director
http://secappdev.org
___
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> as a free, non-commercial service to the software security community.
> Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
? Or can anyone allay my fears?
kr,
Yo
--
Johan Peeters
http://johanpeeters.com
___
eo with a human in it, yet. Wonder if it exists
> somewhere...
No, it predates the time when we got a camera :-)
Some of the 2013 lectures do have a human in them and are being
published on the secappdev org YouTube channel.
--
Johan Peeters
http://secappdev.org
___
nice one, Gary. Finally something positive about agile and DevOps. A
trick that you may have missed is immutable servers, see Docker and
friends. They will be a leap forward for server security when they hit
the mainstream.
___
e calls.
For further information and registration details, visit
http://www.secappdev.org.
--
Johan Peeters
http://www.secappdev.org
+32 16 649000
ed to user stories. I have
proposed to also extend user stories to abuser stories
(http://www.johanpeeters.com/papers/abuser stories.pdf).
kr,
Yo
Gunnar Peterson wrote:
I have published a new paper on integrating security into Use Case
Modeling:
http://www.arctecgroup.net/secusecase.htm
-gp
cations such as mail, directory services,
network file systems, remote procedure calls.
For further information and registration details, visit
http://www.secappdev.org.
--
Johan Peeters
program director
http://www.secappdev.org
+32 16 649000
___
--
Johan Peeters
program director
http://www.secappdev.org
+32 16 649000
___
y Group
Direct: (703) 404-5726 Cell: (703) 727-4034
Key fingerprint = 4772 F7F3 1019 4668 62AD 94B0 AE7F
http://www.cigital.com
Software Confidence. Achieved.
On May 21, 2006, at 8:23 AM, Johan Peeters wrote:
That sounds like a very exciting idea, but I am not sure about the
mechanics of gett
type safety is. So the fact
that javascript may (or may not) have closure fails in comparison to the fact
that it is not type safe.
Ajax is a disaster from a security perspective.
gem
-Original Message-
From: Johan Peeters [mailto:[EMAIL PROTECTED]
Sent: Sat May 20 15:44:46 20
rgument for closure.
Yay, language arcana!
gem
-Original Message-----
From: Johan Peeters [mailto:[EMAIL PROTECTED]
Sent: Sun May 21 09:08:14 2006
To: John Steven
Cc: Gary McGraw; Mailing List, Secure Coding; SSG
Subject:Re: [SC-L] Ajax one panel
We may be at cross purposes.
code, and it only produces a single false-positive
for you to check out. That false positive just happens to be the
complete source code listing for your entire program :)
If you can guarantee it is a false positive, this is a very useful tool
indeed :-)
kr,
Yo
--
Johan Peeters
progr
pants with a thorough grounding in
application security.
The course takes place in the Groot Begijnhof in Leuven, Belgium, a
UNESCO World Heritage site.
Registration is on a first-come, first-served basis.
For more information visit the web site: http://secappdev.org.
--
Johan Peeters
program dir
--
Johan Peeters
http://johanpeeters.com
___
SEC(Gold)
> Intel Corporation
> ( (916) 377-9428 | * [EMAIL PROTECTED]
will again be 25.
> - Over what period of time?
> - Was it mandatory? And to Sammy's point, at what
> management level was it loudly supported?
>
> Thanks for your insights,
> Hollis
>
> At 11:51 AM 8/19/2007, Johan Peeters wrote:
> > >From my experience with secappde
--
J
your program had to be EXACT or the mainframe would
> not compile it.
>
> Paul Powenski
>
>
>
>
>
>
> ljknews <[EMAIL PROTECTED]> wrote:
> At 9:16 PM +0100 11/1/07, Johan Peeters wrote:
> > I think this could do a great service to the community.
y to avoid disappointment.
kr,
Yo
--
Johan Peeters
http://secappdev.org
http://johanpeeters.com
___
> security as
> >>> part of their standard operating procedures. Developers are still
> >>> oftentimes lazy and sloppy, creating XSS and CSRF and SQL injection
> >>> holes.
> >>>
> >>> I then look at SXSW from afar and think: a) shouldn't I be there
> >>> evangelizing securit
you a safe, happy and secure 2009,
Yo
--
Johan Peeters
Program Director
http://secappdev.org
___
ve to input
validation.
kr,
Yo
--
Johan Peeters
http://johanpeeters.com
___
quity can only be used as debt
collateral, if it has a rating' :-)
Before setting to work on your example, Florian, I would rephrase it
as 'the date of entry of the shipment address must not be after the
date of entry of credit card details'. I would then consider this an
input valida